These companies should be run out of business. I'm not a big fan of government regulation, but this is a case where it's needed. Poor engineering of products with safety critical aspects should not be tolerated.

Agreed. But that doesn't mean that we should tempt fate and try to blow up those poorly engineered products in the meantime.

You know, it is a bit like a kid poking nails into an outlet. 99.9% of time nothing happens - some outlets have shutters, kid is lucky and is poking in the "wrong" hole, etc. Then the chance strikes - and my former colleague woke up at 5AM to a blaring fire alarm and a smouldering wall because the junior managed to push a piece of naked wire into the outlet (that was in Switzerland where shuttered outlets aren't the norm). Pontificating about things being poorly engineered wouldn't have helped him any - he still had a major repair on his hands and was extremely lucky that nobody got hurt.

Also the assumption FTDI present and future detection algorithms will never be wrong is a false one.

Can you provide a link to a documented event that shows that FDTI wrongly detected a non-genuine chipwhile in reality it was genuine?

I think I can make the driver do that with some effort (where can I send the bill?). I've seen enough instability issues with the FTDI USB-UART chip in question. Also it is hard to predict what the cloners will come up with next and how the algorithm in the driver will deal with those. Sooner or later the driver will be susceptible to false positives because only code which isn't there is 100% free of errors.

Logged

There are small lies, big lies and then there is what is on the screen of your oscilloscope.

Any competent designer of a product with a critical safety factor involved is going to take special care that the device cannot malfunction if it gets bad data from an FTDI chip or any other source.

Wrong.Any competent designer of a product with a critical safety factor involved is going to take special care to reduce the likelihood of device malfunction down to an acceptable level.There is no zero risk.

In the specific case I mentioned (the device knows it has bad data from a data source) it is possible to ensure that nothing bad happens to a very high degree of certainty. I'll not split hairs with you, but it's that "nothing's perfect" mentality that leads to all of the crap designs on the market today. Most of the cheap consumer crap is that way because consumers are not willing to pay for quality. All they care about is price. That's why they buy poorly designed disposable crap at Wal*Mart (a U.S. chain of stores that caters to this crowd) that ends up in a landfill a few months later. Extending this to the realm of this forum, it's why many people here are so eager to buy cheap Arduino and Segger J-Link clones from China -- they don't care about quality or the fact that these products rip off the original designer of these items. They're the same people who'd buy counterfeit Rolex watches or Prada shoes.

Extending this to the realm of this forum, it's why many people here are so eager to buy cheap Arduino and Segger J-Link clones from China -- they don't care about quality or the fact that these products rip off the original designer of these items.

They're the same people who'd buy counterfeit Rolex watches or Prada shoes.

What? you mean there are electronic hobbyists who are worried about status symbols and fashion and buy these things based on how they look and not function?

I think that is a poor analogy.

A better one might be someone who buys a cheap automobile to get themselves from point A to B, knowing full well that it is not the same quality and may not last as long as a quality product. Still it works for their purpose. For most the technical details of why it is lower quality are unimportant to them. Patent or trademark infringements, "fake" versus real and underlying details of the technology they leave to the manufactures and legal system to sort out.

Let's say the rubber diaphragm in the carburetor of my car failed, so I went and bought a new one, replaced the failed one and my car works again. Unknown to me, the new diaphragm is a counterfeit, made from cheaper materials and won't last as long, but should still last a while. However, while I was at a gas station one day, a man came by, opened he hood of my car, found out that the diaphragm is not genuine and cut it up making my car inoperable (FTDIgate 1) or fixed the throttle valve to full open (FTDIgate 2). I do not think I would be OK with that and my anger would be with the man who disabled my car. If and when the fake part failed prematurely by itself, only then my anger would be with the counterfeiter.

But then again, I can buy car parts made by whoever wants to, as long as they fit and work OK...

Let's say the rubber diaphragm in the carburetor of my car failed, so I went and bought a new one, replaced the failed one and my car works again. Unknown to me, the new diaphragm is a counterfeit, made from cheaper materials and won't last as long, but should still last a while. However, while I was at a gas station one day, a man came by, opened he hood of my car, found out that the diaphragm is not genuine and cut it up making my car inoperable (FTDIgate 1) or fixed the throttle valve to full open (FTDIgate 2). I do not think I would be OK with that and my anger would be with the man who disabled my car. If and when the fake part failed prematurely by itself, only then my anger would be with the counterfeiter.

But then again, I can buy car parts made by whoever wants to, as long as they fit and work OK...

Don't bother, people like Karel or suicidaleggroll will try to convince you that it is all your fault because you weren't supposed to be cheap and not do your due diligence by demanding a certificate of authenticity from whoever sold you the diaphragm and all their suppliers down to the grunt somewhere in Malaysia who actually made it. In fact, you should have stood behind him and watched him making it in order to be sure that he doesn't replace it with a counterfeit behind your back. See, you didn't do it, it is all your fault!

Then you will have some other folks who will tell you it is the car manufacturer's fault because the car shouldn't be so poorly designed as to let the nefarious guy open the hood and break your car.

And then you will have cops who are hopefully not engineers and thus will do the common sense thing instead of blaming the victim - put the saboteur behind bars.

You can't win with these trolls. Fortunately the people who actually are empowered to do something about it tend to know better - Microsoft pulled the driver last time and it is very likely they will do it again once a sufficiently big stink is raised.

But then again, I can buy car parts made by whoever wants to, as long as they fit and work OK...

That is only because some governments have decided, in the specific case of cars, but also in some other consumer goods, that the public good of there being cheap replacement parts available for cars of any age is a greater good than that of car manufacturers being able to extract maximum profit from their intellectual property. It does remind us that the exploitation of intellectual property is not some sort of natural right, but enabled by political decision.

Surprise that you said this. Of course, it is speculation when you have no real body count to prove . Once you have one, it becomes a crisis when something not suppose to happen happens, and people started to ask where are all the planning, thinking, and were the engineers sleeping?

Speculation is all I need to spec out another device. Unless there is a particular feature that no other chip has I just look at the next best choice.

FTDI could easily kill the clones by selling at a lower or equal cost. Either that or discontinue the chip and come out with a replacement that has a wiz bang feature. Easy no, but better than having the brand damaged.

FTDI could easily kill the clones by selling at a lower or equal cost.

Kind like you losing out to a clone of yours in India because he could do your job at a lower cost. You went home and you wife told you: "you could have easily killed that clone by selling your labor at an even lower cost."

After a few rounds of such competition, you may come to appreciate FTDI's position.

They are a shitty company, with zero respect for the end-users (who may or most likely may not [which was my case] be aware that their chip is fake).

It's not like we don't have alternatives and we really need them. There are plenty of options out there, from complete software solutions (like V-USB) to other dedicated alternatives, like the CH340G chip, and other solutions from Prolific, Texas, Cypress, Silicon Labs, Microchip, and a few others.

The sooner people stop caring about FTDI and stop using their products, the sooner we'll be rid of the problem.

This, absolutely. It's hilarious and a bit sad that FTDI think it's even worth trying to "protect" their IP for what amounts to an IC that would be considered almost trivial in functionality these days. The fact that it's been cloned and there are so many other implementations says that what they have is nothing special. It's just a bloody USB-RS232 converter... the sooner people stop choosing them and move to cheaper, less hostile alternatives, the better.

My question will be, why would a company develop a product that uses the manufacturer's default VID and PID, knowing that any program that can talk to a COM port could cause damage or be dangerous?

Nah, those products are done by cheap and hobby level products and won't invest in making sure their device is bullet proof.

Regardless of FTDI or whatever other chip is used.

If the product uses the FTDI chip, it is the simplest way to use the manufacturers VID and PID, because otherwise you would have to provide an INF file (which needs to be signed for newer Windows versions), which would simply reference the ftdibus.sys driver anyway. As I've tested, the standard Microsoft usbser.sys doesn't work with the FTDI chips.

I think there is nothing wrong with protecting the IP. I really like the functionality of the FTDI chips, especially the modern versions, like the FT2232H, which you can use as a JTAG programmer as well (supported out of the box by the Lattice FPGA programmer). It is some work to produce a good working chip with driver support for all operating systems that usually just works. Cheaper alternatives are not as good, like the MCP2221, which has a gap of 30 us between bytes, so it is useless for modern higher baud rates like 1 Mbaud and even at 115,200 baud the effective baud rate will be solwer than possible.

Of course, it is another question how to protect the IP. Providing test tools, even displaying a warning for counterfeits is ok, but the product should still work, even if it uses a counterfeit. Or maybe show a warning which says that it will stop working after a month. Then the users have time to replace it, or get the money back from the eBay sellers.

So then any other FT232r based program could cause problems with your device if you leave the PID and VID to be the default one, unless you make sure it doesn't react to random chatter.

It is mapped to a serial port (unless you've configured it for the "D2XX Direct" driver), so yes, any program which can send data to a serial port can cause problems with such a device. PID and VID doesn't matter, it will be still a serial port. The only advantage of a custom PID and VID with FTDI chips would be that the intended program could detect its device without the need for the user to specify the serial port number or sending random (for other devices) characters to all COM ports.

If you need a more professional solution, libusb might be better, but more work for the software side, too. On the microcontroller side it is not that much more work, at least was easy last time I tested it with the mbed framework on an LPC series chip from NXP.

Having thought about this for the past 2-3 days, I am actually now supporting FTDI's decision to do this. Counterfeit components not only hurt the original manufacturer, but also their customers who designed their chips into their products. Because it creates an uneven playing field between those who buy legitimate components and those who have access to counterfeits which cost 1/10th the price.

- Sell cheaper (that's really overdue, FTDI is overpriced, and their design is old and amortized)- upgrade your products, and make your customer like the non compatible new features ( by being useful, not the actual kind of upgrade from FTDI)- get to new markets when your product line is dying off (and don't get angry customers just when you need them to adopt your new products)- in case of FTDI, stop being a malware company

Also, if you really don't want to be copied,cloned or even counterfeit, there's a simple and very effective solution:- Be mean, stay small : cloners concentrate on top seller products with very high margin- Be cheap yet effective : reduce the margin of potential cloners by using cost effective solution on your side, with a reasonable quality